<?php
/**
 * my_account.php
 * 
 * This file contains the code for the account management webpage for users.
 */
require_once 'interface.php';
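session_start();
webpageDoctype();
print_html_title("Member System - My Account");
webpageMetaAndBodyStart();
$errorMsg = "";

/*
 * Account page flow:
 *   1. No username in the session  -> show the login/register prompt.
 *   2. POST with acct_submit=Update -> validate the two password fields and
 *      update the row in `users` that matches the session username.
 *   3. Otherwise (or on a validation/database error) -> render the form,
 *      with $errorMsg above the fields.
 * The footer is emitted on every path so the page markup is always closed.
 *
 * NOTE(review): the form carries no anti-CSRF token and does not ask for the
 * current password, so any authenticated request that posts these three
 * fields changes the password. Both checks need a coordinated change with
 * the rest of the site and are not added here.
 */

// Read the session value defensively: a fresh session has no 'username' key,
// and strlen() on a missing index raises a notice and hides the real state.
$username = isset($_SESSION['username']) ? (string) $_SESSION['username'] : '';

// Everything below is keyed on the username (display and UPDATE ... WHERE),
// so an empty username is treated as "not logged in" even if 'userid' is set.
if ($username === '') {
	echo <<<EOL
	<div align="center">
	<p>
	<h3>
	Please login to your HyperLinks user account to access the My Account page.<br/>
	If you do not have a HyperLinks user account please register for an account <a href="register.php">here</a>.
	</h3>
	</p>
	</div>
EOL;
}
else {
	$showForm = true;
	$submitted = isset($_POST['acct_submit']) && $_POST['acct_submit'] === "Update";
	if ($submitted) {
		// Accept only plain string fields; an array-valued field (new_pass[]=x)
		// is treated the same as a missing one.
		$pass = (isset($_POST['new_pass']) && is_string($_POST['new_pass'])) ? $_POST['new_pass'] : '';
		$confirm_pass = (isset($_POST['re_pass']) && is_string($_POST['re_pass'])) ? $_POST['re_pass'] : '';
		if (strlen($pass) <= 0) {
			$errorMsg = "Please input a new password.<br/>";
		}
		else if (strlen($confirm_pass) <= 0) {
			$errorMsg = "Please confirm your new password.<br/>";
		}
		else if ($pass !== $confirm_pass) {
			$errorMsg = "Your new password and confirmation password do not match.<br/>";
		}
		else {
			require_once 'connect.php';

			// Both values end up inside quoted SQL literals, so both are escaped
			// with the connection's own escaping routine. No link argument is
			// passed, matching mysql_query() below (both use the last opened link).
			// NOTE(review): the mysql_* extension was removed in PHP 7; moving to
			// prepared statements (PDO/mysqli) requires changing connect.php too.
			$sqlPass = mysql_real_escape_string($pass);
			$sqlUser = mysql_real_escape_string($username);

			// NOTE(review): the password is written as submitted; no hashing is
			// visible in this file. Switching to password_hash()/password_verify()
			// has to be done together with the login and registration code.
			$updated = false;
			if ($sqlPass !== false && $sqlUser !== false) {
				$updated = mysql_query("UPDATE users SET password='$sqlPass' WHERE username='$sqlUser'") !== false;
			}

			if (!$updated) {
				// Keep driver details out of the page; only the error number is
				// logged because the message text can quote parts of the statement.
				error_log("my_account.php: password update failed (mysql errno " . mysql_errno() . ")");
				$errorMsg = "Your account could not be updated. Please try again later.<br/>";
			}
			else {
				echo <<<EOL
	<br/>
	<div align="center">
	<h3>
	You have successfully updated your HyperLinks user account.
	</h3>
	</div>
EOL;
				$showForm = false;
			}

			// $con is expected to be set by connect.php; close it on success and
			// on failure, but only if it really is an open link.
			if (isset($con) && is_resource($con)) {
				mysql_close($con);
			}
		}
	}

	if ($showForm) {
		// The username is echoed into HTML, so encode it for that context.
		// NOTE(review): assumes the page is served as UTF-8 - confirm against
		// webpageMetaAndBodyStart().
		$htmlUsername = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
		echo <<<EOL
	<p><div align='center'>
	<h2>My Account</h2></p>
	<form action ='./my_account.php' method='post'>
	$errorMsg
	<p>
	<table border="0">
	<tr>
	<td>Username: </td><td>$htmlUsername</td>
	</tr>
	<tr>
	<td>New Password: </td><td><input type="password" name="new_pass" /></td>
	</tr>
	<tr>
	<td>Confirm New Password: </td><td><input type="password" name="re_pass" /></td>
	</tr>
	</table>
	</p>
	<p>
	<input type="submit" name="acct_submit" value="Update" /> <a href="member.php" style="text-decoration:none"><input type="button" value="Cancel" /></a>
	</p>
	</form>
EOL;
	}
}
webpageFooter();
?>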